Government orders data retention by ISPs

Keep it for 12 months for the plods

Phone and internet companies will soon be forced to keep logs of internet usage to be made available to the police under a new law announced by Prime Minister Gordon Brown this week.

The law, the Communications Data Bill, will implement the remainder of the European Union's Data Retention Directive.

Last October the Government enacted regulations which said that telcos must keep records of phone calls to and from land lines and mobile telephones. That requirement will be extended to records of customers' internet usage, email usage and voice over internet protocol (VoIP) records.

“The aim of the [Directive] is to ensure that certain data is retained to enable public authorities to undertake their lawful activities to investigate, detect and prosecute crime and to protect the public," said a Home Office spokeswoman.

“The first part of the [Directive] was transposed into UK law in October 2007 but the Government made a declaration … to postpone its application to the retention of communications data relating to internet access, internet telephony and internet email until 2009. So the measures referred to in the Communications Data Bill will complete the transposition of the Directive for IP [internet protocol] communications data," said the Home Office spokeswoman.

The Bill is likely to follow the lead of last year's Data Retention (EC Directive) Regulations in ordering providers to keep the data for 12 months.

Law enforcement agencies can gain access to such data with a court-ordered warrant. Though providers almost uniformly keep the information for such periods to resolve any future billing disputes, the laws will ensure that they do so.

The laws order the retention of who called whom, when and for how long but not the content of phone calls. The internet log retention orders will also mandate the keeping of information on a user's activity but not the content of any communications.

A telecoms business lobby group told OUT-LAW.COM at the passing of the Regulations last year that the orders would have little impact on the industry.

"The reality is that nothing much has changed. The new legislation will make little practical difference as most telecoms providers keep certain information for billing purposes and customer records," said Michael Eagle of the Federation of Communications Services. "That information would be enough to meet the requirements of law enforcement agencies. There is no need to keep more data that you are ever likely to be asked for."

The Home Office would not release details of the Bill and how it would work. A statement, though, said: "the purpose of the Bill is to allow communications data capabilities for the prevention and detection of crime and protection of national security to keep up with changing technology through providing for the collection and retention of such data".

"Unless the legislation is updated to reflect these changes, the ability of public authorities to carry out their crime prevention and public safety duties and to counter these threats will be undermined," it said.

The European Commission had put a deadline of 15 March 2009 for the transposition into law of the whole Directive.